rehaul of mssql bruter and threading support

TrustedSec 2016-08-03 15:15:53 -04:00
parent 2fa3ba4e97
commit 0ae2b12a13
4 changed files with 36 additions and 41 deletions


@ -1,3 +1,10 @@
~~~~~~~~~~~~~~~~
version 7.3.11
~~~~~~~~~~~~~~~~
* major rehaul on mssql bruter now supports threading support for all udp/1433 scans
* combined udp/1433 sweep/scan functions and simplified code
~~~~~~~~~~~~~~~~
version 7.3.10
~~~~~~~~~~~~~~~~


@ -2,9 +2,11 @@
from src.core.setcore import *
from src.core.menu import text
import subprocess
from multiprocessing.dummy import Pool as ThreadPool
definepath = os.getcwd()
#
#
# Fast-Track Main options and interface menus
@ -95,45 +97,27 @@ try:
if "/" in str(range):
iprange = printCIDR(range)
iprange = iprange.split(",")
for host in iprange:
sqlport = get_sql_port(host)
if sqlport != None: print_status("Found SQL port on IP Address: %s and on port: %s" % (host, sqlport))
if sqlport == None:
nmapscan = sql_nmap_scan(host)
if nmapscan != "":
sql_servers = sql_servers + \
host + ":" + "1433" + ","
print_status("Found a SQL port on IP Address: %s and on port: 1433" % (host))
if nmapscan == "": print_warning("Unable to find a SQL server on IP: %s" % (host))
if sqlport != None:
sql_servers = sql_servers + \
host + ":" + sqlport + ","
pool = ThreadPool(30)
sqlport = pool.map(get_sql_port, iprange)
pool.close()
pool.join()
for sql in sqlport:
if sql != None: sql_servers = sql_servers + sql + ","
else:
range1 = range.split(" ")
for ip in range1:
sqlport = get_sql_port(ip)
if sqlport == None:
nmapscan = sql_nmap_scan(ip)
if nmapscan != "":
sql_servers = sql_servers + \
ip + ":" + "1433" + ","
if sqlport != None:
sql_servers = sql_servers + \
ip + ":" + sqlport + ","
sql_servers = sql_servers + sqlport + ","
else:
# use udp discovery to get the SQL server UDP 1434
sqlport = get_sql_port(range)
# if its not closed then check nmap - if both fail then
# nada
if sqlport == None:
sql_nmap_scan(host)
if sql_nmap_scan != "":
sql_servers = sql_servers + \
host + ":" + "1433" + ","
if sqlport != None:
sql_servers = range + ":" + sqlport
sql_servers = sqlport + ","
# specify choice 2
if choice == "2":
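Review bot: The space-separated and single-host paths at `sql_servers = sql_servers + sqlport + ","` and `sql_servers = sqlport + ","` append the return value of get_sql_port without the None guard the CIDR path applies at `if sql != None:`, so a host that answers neither UDP/1434 nor the nmap fallback raises a TypeError inside the concatenation, and the enclosing `try:` above the hunk may then swallow the whole scan result. Both lines should test the result first, e.g. `if sqlport != None: sql_servers = sql_servers + sqlport + ","`, which also stops the single-host branch from discarding anything already accumulated in sql_servers. The enclosing try block starts before the hunk and the menu handler continues after it.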


@ -1 +1 @@
7.3.10
7.3.11


@ -1762,7 +1762,7 @@ def get_sql_port(host):
# Build the socket with a .1 second timeout
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.settimeout(.1)
s.settimeout(.2)
# Attempt to query UDP:1434 and return MSSQL running port
try:
@ -1772,22 +1772,26 @@ def get_sql_port(host):
d = s.recvfrom(1024)
sql_port = d[0].split(";")[9]
return sql_port
if sql_port != None:
return host + ": " + sql_port
else:
proc = subprocess.Popen("nmap -v -sT -p1433 %s" %
(ipaddr), shell=True, stdout=subprocess.PIPE)
output = proc.communicate()[0].split("\n")
result = ""
counter = 0
for result in output:
if "Discovered open port" in result:
result = result.split("on ")[1]
counter = 1
return host + ":" + result
if counter == 0:
return None
except:
pass
# this will manually tcp connect if needed
def sql_nmap_scan(ipaddr):
proc = subprocess.Popen("nmap -v -sT -p1433 %s" %
(ipaddr), shell=True, stdout=subprocess.PIPE)
output = proc.communicate()[0].split("\n")
result = ""
for result in output:
if "Discovered open port" in result:
result = result.split("on ")[1]
return result
# capture output from a function
def capture(func, *args, **kwargs):
"""Capture the output of func when called with the given arguments.
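Review bot: The nmap fallback added in the else branch of get_sql_port cannot run and would fail if it did: a host that does not answer UDP/1434 makes `d = s.recvfrom(1024)` raise socket.timeout, which the bare `except: pass` swallows before the `if sql_port != None:` test is reached, and when `d[0].split(";")[9]` succeeds sql_port is always a string, so the else is dead; the branch also references `ipaddr`, which is undefined here (the parameter is `host`). The two success paths also return different shapes, `host + ": " + sql_port` versus `host + ":" + result`, and the nmap path appends whatever follows "on " in the "Discovered open port" line, which in nmap's verbose output appears to be the target address rather than the port, so the caller in fasttrack.py that splits host:port would get the wrong value. I would move the TCP check out of the try, run it only when the UDP probe produced nothing, pass the command as an argument list rather than a shell string, close the socket, and return one consistent `host:port` form. The hunk continues into capture(), whose body is outside the diff.
```python
def get_sql_port(host):
    # … unchanged: socket setup and settimeout(.2) …
    sql_port = None
    try:
        # … unchanged: sendto(...) to UDP/1434 …
        d = s.recvfrom(1024)
        sql_port = d[0].split(";")[9]
    except (socket.timeout, socket.error, IndexError):
        pass
    finally:
        s.close()
    if sql_port is not None:
        return host + ":" + sql_port
    # UDP/1434 gave nothing: fall back to a TCP connect check of 1433
    proc = subprocess.Popen(["nmap", "-v", "-sT", "-p1433", host],
                            stdout=subprocess.PIPE)
    output = proc.communicate()[0].split("\n")
    for line in output:
        if "Discovered open port" in line:
            return host + ":1433"
    return None
```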